05/24/2007 THU 15:48 FAX 7035185499 PTO Central Fax

Docket No. 4590-548

PATENT

RECEIVED
CENTRAL FAX CENTER
MAY 24 2007

AMENDMENTS TO THE CLAIMS:

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1. (Currently Amended) [[-]] A method [[Method]] making it possible to detect and/or to avoid the modification of software embedded in a programmable memory within a system comprising a hard kernel containing hardware security functions suitable for verifying the integrity of a soft kernel comprising a programmable memory, the system comprising a local data interface, [[characterized in that it comprises]] comprising at least the following steps:

[[A) If the signal received on the local data interface is not valid, place]] placing the system in a disabled state if the signal received on the local data interface is not valid;

[[B) If the signal received on the local data interface is a disconnection signal, or there is no signal, instigate]] instigating a secure startup procedure, with execution of the control functions if the signal received on the local data interface is a disconnection signal, or there is no signal:

[[Autotest]] auto testing of the hard kernel wherein:

[[• If the auto test is OK, then test the integrity of the reprogrammable memory,]]
[[o If this integrity is OK, then activate the system for normal operation]]
[[o If this integrity is KO, then place the system in a disabled state]]
[[• If the auto test is KO, then place the system in a disabled state]]
[[C) If the received signal is a valid startup signal:]]
[[• If the system is in a development mode, render it enabled,]]
[[• If the system is in an enabled utilization mode and if the signal is a test signal, then deactivate at least one of the essential functions of enabled operation]]

if the auto test is OK, then test the integrity of the reprogrammable memory;
    if this integrity is OK, then activate the system for normal operation;
    if this integrity is KO, then place the system in a disabled state;
if the auto test is KO, then place the system in a disabled state;

wherein if the received signal is a valid startup signal:
    if the system is in a development mode, render it enabled;
    if the system is in an enabled utilization mode and if the signal is a test signal then deactivate at least one of the essential functions of enabled operation.

2. (Currently Amended) [[-]] A method [[Method]] making it possible to detect and/or to avoid illicit modifications of manufacturer software within a GSM-type system, comprising a hard kernel and a soft kernel, a local data interface, comprising at least the following steps:

[[A) If the signal received on the local data interface of the terminal is not valid, place]] placing the GSM terminal in a disabled state, if the signal received on the local data interface of the terminal is not valid;

[[B) If the signal received on the local data interface is a disconnection signal, or there is no signal, instigate]] instigating a secure startup procedure, with execution of the control functions if the signal received on the local data interface is a disconnection signal, or there is no signal:

[[Autotest]] auto testing of the hard kernel wherein:

[[• If the auto test is OK, then test the integrity of the soft kernel]]
[[o If this integrity is OK, then activate the terminal for normal operation,]]
[[o If the integrity is KO, then place the terminal in a disabled state,]]
[[• If the auto test is KO, then place the GSM terminal in a disabled state.]]
[[C) If the received signal is a valid startup signal:]]
[[• If the fuse is not blown, render the GSM terminal enabled,]]
[[• If the fuse is blown, render the terminal not totally enabled, by deactivating at least one of the enabled functions of the terminal:]]
[[o If the signal is a signal of JTAG test type, continue the test procedure,]]
[[o If the signal is a test signal, start up in nonsecure mode and continue the test procedure.]]

if the auto test is OK, then test the integrity of the soft kernel;
    if this integrity is OK, then activate the terminal for normal operation;
    if the integrity is KO, then place the terminal in a disabled state;
if the auto test is KO, then place the GSM terminal in a disabled state;

wherein if the received signal is a valid startup signal:
    if the fuse is not blown, render the GSM terminal enabled;
    if the fuse is blown, render the terminal not totally enabled, by deactivating at least one of the enabled functions of the terminal:
        if the signal is a signal of JTAG test type, continue the test procedure,
        if the signal is a test signal, start up in nonsecure mode and continue the test procedure.

3. (Currently Amended) [[-]] The method [[Method]] according to [[one of Claims 1 and 2]] claim 1, [[characterized in that]] wherein the exchange of the data between the hard kernel and the soft kernel is performed by using an algorithm based on the principle of non-replay and of nonpredictability of the transmitted data.

4. (Currently Amended) [[-]] The system [[System]] making it possible to detect and/or to avoid the modification of software embedded in a programmable memory comprising a hard kernel containing hardware security functions and a soft kernel comprising a programmable memory, a local data interface able to receive signals, characterized in that it comprises means suitable to:

[[> place the system in a disabled state when the signal received on the local data interface is not valid,]]
[[> for a disconnection signal received or an absence of signal on the local data interface, instigate a secure startup procedure, with execution of control functions:]]
[[Autotest of the hard kernel:]]
[[• If the auto test is OK, then test the integrity of the programmable memory,]]
[[o If this integrity is OK, then activate the system for normal operation]]
[[o If this integrity is KO, then place the system in a disabled state]]
[[• If the auto test is KO, then place the system in a disabled state]]
[[> For a received signal is a valid startup signal,]]
[[• If the system is in a development mode, render it enabled,]]
[[• If the system is in an enabled utilization mode, and if the signal is a test signal then deactivate at least one of the essential functions of enabled operation on startup.]]

placing the system in a disabled state when the signal received on the local data interface is not valid;

for a disconnection signal received or an absence of signal on the local data interface, instigating a secure startup procedure, with execution of control functions:

auto testing of the hard kernel wherein:

if the auto test is OK, then test the integrity of the programmable memory;
    if this integrity is OK, then activate the system for normal operation;
    if this integrity is KO, then place the system in a disabled state;
if the auto test is KO, then place the system in a disabled state;

for a received signal is a valid startup signal:
    if the system is in a development mode, render it enabled;
    if the system is in an enabled utilization mode, and if the signal is a test signal then deactivate at least one of the essential functions of enabled operation on startup.

5. (Currently Amended) [[-]] The system [[System]] according to Claim 4, characterized in that it comprises means of securing the data exchanges between the hard kernel and the soft kernel.

6. (Currently Amended) [[-]] The system [[System]] according to Claim 4, characterized in that the system is a GSM terminal.

7. (Currently Amended) [[-]] The system [[System]] according to Claim 4, characterized in that the system is a micro-computer.

8. (Currently Amended) [[-]] The system [[System]] according to Claim 4, characterized in that the system is an MP3-type reader containing a reprogrammable memory.

9. (New) The method according to claim 2, wherein the exchange of the data between the hard kernel and the soft kernel is performed by using an algorithm based on the principle of non-replay and of nonpredictability of the transmitted data.
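
The startup decision procedure recited in claims 1 and 4 (claim 2 follows the same shape, with a fuse in place of the development/utilization mode), written out as an added C example that is not part of the filing. All identifiers are hypothetical, the self-test and integrity callbacks are constructed stand-ins, and treating a non-test startup signal in utilization mode as disabled is an assumption, since the claims do not cover that case.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical names throughout; the claims define no API. */
typedef enum { SIG_NONE, SIG_DISCONNECT, SIG_STARTUP, SIG_STARTUP_TEST, SIG_INVALID } sig_kind;
typedef enum { MODE_DEVELOPMENT, MODE_UTILIZATION } sys_mode;
typedef enum { ST_DISABLED, ST_NORMAL, ST_ENABLED, ST_RESTRICTED } sys_state;

typedef struct {
    bool (*self_test)(void);     /* auto test of the hard kernel */
    bool (*integrity_ok)(void);  /* integrity of the programmable memory */
} hard_kernel_ops;

/* Secure startup: the integrity verdict is only requested after the hard
   kernel has passed its own test, and every failure ends in ST_DISABLED. */
static sys_state secure_startup(const hard_kernel_ops *hk)
{
    if (!hk || !hk->self_test || !hk->integrity_ok) return ST_DISABLED;
    if (!hk->self_test()) return ST_DISABLED;
    return hk->integrity_ok() ? ST_NORMAL : ST_DISABLED;
}

sys_state decide_startup(sig_kind sig, sys_mode mode, const hard_kernel_ops *hk)
{
    switch (sig) {
    case SIG_NONE:
    case SIG_DISCONNECT:
        return secure_startup(hk);
    case SIG_STARTUP:
    case SIG_STARTUP_TEST:
        if (mode == MODE_DEVELOPMENT) return ST_ENABLED;
        if (sig == SIG_STARTUP_TEST) return ST_RESTRICTED; /* an essential function is off */
        return ST_DISABLED;  /* assumption: case not covered by the claims */
    case SIG_INVALID:
    default:
        return ST_DISABLED;  /* anything not recognised is treated as invalid */
    }
}

/* Constructed stand-ins so the example runs without hardware. */
int integrity_calls;
static bool st_pass(void) { return true; }
static bool st_fail(void) { return false; }
static bool mem_pass(void) { integrity_calls++; return true; }
static bool mem_fail(void) { integrity_calls++; return false; }
const hard_kernel_ops HK_GOOD     = { st_pass, mem_pass };
const hard_kernel_ops HK_TAMPERED = { st_pass, mem_fail };
const hard_kernel_ops HK_FAULTY   = { st_fail, mem_pass };
```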